BreachExchange mailing list archives

California to step up cybersecurity efforts after hundreds of data breaches


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 4 Mar 2014 17:56:55 -0700

http://www.contracostatimes.com/news/ci_25240432/california-step-up-cybersecurity-efforts-after-hundreds-data

California businesses and government agencies have experienced 300 separate
data breaches exposing the personal information of more than 20 million
customer accounts during the past two years, leading state Attorney General
Kamala Harris on Thursday to elevate cybersecurity as a key focus of the
state's top crime-fighting agency.

Harris said the California Department of Justice will begin playing a more
active role in advising employers about cybersecurity, while her office
will be taking the lead on a previously announced state-level investigation
into some of the most significant nationwide data breaches.

The 170 breaches reported to the attorney general's office in 2013
represent a 30 percent increase over the 131 identified the year before,
when state law required such reporting for the first time, according to
figures provided to The Associated Press. Among entities reporting breaches
in 2012 were American Express Travel Related Services Co., Kaiser
Permanente and several state government agencies, including the departments
of Public Health and Social Services.

The second report analyzing the 2013 data thefts is scheduled to be
released this spring.

Electronic data breaches compromised the Social Security numbers, credit
card and bank account information, and other sensitive data on 21.3 million
customer accounts during the two-year period. The actual number of victims
is unknown because many people could have had multiple accounts exposed.

"California is at the center of the digital revolution that is changing the
world," Harris said in an introductory letter for a new cybersecurity
business guide her department released Thursday. "Unfortunately,
cybercrime, data breaches, theft of proprietary information, hacking and
malware incidents are now routine."

Harris' office also disclosed that California is leading a multistate
investigation into the massive holiday season consumer data theft at
discount retailer Target Corp. and luxury retailer Neiman Marcus, breaches
that left tens of millions of customers at risk. More than 7 million
Californians were affected by the Target breach alone, Special Assistant
Attorney General for Law and Technology Jeff Rabkin said.

The U.S. Justice Department is taking the lead in trying to identify the
culprits, who are suspected to be based overseas, while the multistate
investigation focuses on whether the retailers share blame because they
lacked the necessary precautions to prevent the thefts. The state
investigation also will explore whether Target and Neiman Marcus acted
properly as soon as they learned of the problem, Rabkin said in a telephone
interview.

The investigation by some states has previously been disclosed, but not
California's leadership role. Rabkin declined to give details or say
whether other retailers also are under scrutiny, citing the ongoing
investigation.

Target, the nation's second-largest retailer, was told of suspicious
activity on Dec. 12 and publicly announced the breach a week later. Neiman
Marcus learned of its problem on Dec. 13 and notified customers nearly a
month later, on Jan. 10.

The 34-page guide Harris released Thursday advises smaller businesses to
encrypt data, use a secure browser connection, install firewalls, protect
passwords and prepare an emergency response plan if a cyberattack is
suspected, among other steps. It was developed at no cost to the state in
cooperation with the California Chamber of Commerce and security experts at
Lookout, a San Francisco-based mobile security firm.

Small- and medium-sized businesses are particularly vulnerable because they
usually lack full-time cybersecurity personnel, Harris said. Half of
hacking attempts statewide in 2012 targeted businesses with fewer than
2,500 employees, and nearly a third of all attacks were aimed at businesses
with fewer than 250 employees.

Retail breaches were the biggest problem in 2013, according to early
numbers provided to the AP. Data thefts at Target and LivingSocial alone
each affected about 7.5 million California customer accounts.

Overall, thefts from retailers were responsible for nearly three-quarters
of the breaches affecting the 21.3 million accounts over the two-year
period.